What is MAS TRM?
MAS TRM is a comprehensive set of guidelines from the Monetary Authority of Singapore aimed at helping Financial Institutions (Fis) improve their cyber resilience and establish sound and robust technology management practices. MAS TRM is an acronym for ‘Monetary Authority of Singapore Technology Risk Management’.
Benefits Of MAS Compliance
The MAS TRM Compliance service helps an organisation:
- Determine maturity of the controls implemented and identify gaps/areas of improvements regarding the MAS TRM Guidelines.
- Determine the applicability of controls and assessing the policy/process as well as security controls to determine the overall maturity and effectiveness of the security posture of your organisation.
Meeting The Challenge
Implementing the MAS TRM cybersecurity guidelines and managing compliance to it, is a challenge faced by many organisations large and small. The requirement to implement controls, be cyber resilient and institute robust risk management and oversight can seem a daunting process and can be difficult to evaluate.
For those wanting to understand and improve their current security posture, the range of services provided by EDGENETIC can be used to baseline your maturity level and help you evolve your information security strategy in alignment with the MAS TRM Guidelines.
About The MAS TRM Compliance Service
- LRQA Nettitude can help our clients analyse their security posture against the MAS TRM Guidelines and identify gaps and areas of improvement. The MAS TRM Compliance review service provided by EDGENETIC will be delivered in a phased approach conducted by experienced consultants. Our consultants are well-versed with NIST, ISO 27001:2013, CIS and other industry frameworks many of which are the building blocks of the MAS TRM Guidelines.
- Our MAS TRM compliance consultants will conduct workshops with different stakeholders through different stages of the engagement. The workshops are designed for top-level management, decision-makers, risk owners, business lines and IT champions – people who have vested interests in compliance with the MAS TRM Guidelines and can additionally provide inputs on the scope of the services that your organisation engages in. Our consultants will also identify the systems, application, infrastructure, technologies that are used by your organisation to deliver services to your customer and therefore is in the scope of the MAS TRM Guidelines.
- If you are running a security or compliance regime, such as PCI DSS, ISO/IEC 27001:2013, NIST Cybersecurity Framework it will demonstrate how the work you are already doing brings you closer to achieving compliance with the MAS TRM Guidelines.
- Our consultants will perform an ISMS review which is aimed at evaluating the existing ISMS that your organisation has in place. Our consultants will review your policies, procedures, process documents to determine how well they align with the MAS TRM Guidelines to determine compliance, identify gaps and potential areas of improvement.
- Our consultants will use a combination of substantive and compliance methods to assess your security controls against the clauses provided in the MAS TRM Guidelines and determine how well your organisation is operating these controls. This review will look across your entire organisation to provide you with an indication of your security posture and risk levels which you are currently exposed to as against the MAS TRM Guidelines. It will also provide you with the ability to create SMART activities/objectives to address those risks.
- EDGENETIC firmly believe in operating good security as the foundation of our offerings so have broken down the MAS TRM Guidelines Compliance review into a number of distinct activities across the following phases:
Phase 1: Planning and Preparation
Our consultants will also identify the systems and infrastructure used that are in-scope for the MAS TRM Guidelines and technologies used by the FIs
Phase 2: Fieldwork
During this phase, our consultants will review all existing policies, procedures, processes and assess how effectively the FI has designed controls for technology risk management and cyber resilience.
Our consultants will also perform a sample-based testing for the controls to determine the operating effectiveness of the controls designed and implemented.
Phase 3: Reporting and Recommendation
During this phase, our consultants will compile the results of the fieldwork performed and prepare reports to be delivered to your oganisation.
The report will detail the gaps identified against the MAS TRM Gudeilines, areas of improvement with detailed issue description as well as recommendations on how the gaps can be remediated.
Our Other Services That Can Help Clients With MAS TRM Guidelines
EDGENETIC can help our clients to navigate through the various controls specified in the MAS TRM Guidelines through a range of our services that clients can avail based on specific scenarios. The table below provides some of our services mapped to the MAS TRM clause.
EDGENETIC Offering
- Policies and process development
- Asset Inventory development
- Third Party Security Assessments
- Security Awareness Trainings
- Source Code Review and Application Security Testing
- Physical Security Assessments
- EDGENETIC SOC
- EDGENETIC CERT
- Vulnerability Assessment and Configuration Reviews
- Penetration Testing
- EDGENETIC Bug Bounty Program
- EDGENETIC Red Teaming and Simulated Targeted Attack and Response (STAR)
- EDGENETIC GRC (Assist with compliance testing and IT Internal Audit)
Why EDGENETIC
Founded in 2003, EDGENETIC is an award-winning provider of cybersecurity services, bringing innovative thought leadership to the ever-evolving cybersecurity marketplace. Leveraging our tenacious curiosity, we aim to operate at the forefront of the industry. Through our research and innovation centres, EDGENETIC provides threat led services that span technical assurance, consulting and managed detection and response offerings.
We are driven by a desire to build and deliver the best cybersecurity propositions in the industry and stay abreast of the evolving legislative and regulatory cybersecurity landscape. This helps our clients to prioritise their cybersecurity risks, enabling them to focus on the activities that are core to their business.
We aim to empower our clients, imparting knowledge, advice and assistance to help them deploy changes in behaviour, understanding, and where appropriate, culture. This methodology is at the core of our services, helping provide pragmatic cybersecurity for industries such as Finance & Banking, IT, Technology and Engineering, Maritime, Offshore, Retail, Healthcare, Manufacturing and Critical National Infrastructure.
Frequently Asked Questions about Data Privacy Security
What is an incident response policy?
An Incident response plan or policy is a process you create before you experience a cyberattack. This is so that your team has a procedure to follow when you do experience a data breach. EDGENETIC follows the CREST Cybersecurity Incident Response process which is broken down into 3 phases: preparation, response, and follow up. Having a breach plan gives you the confidence to quickly nullify any threat to your data privacy security.
Why is data privacy security important?
Although it has always been important, the implications and need for higher security are coming into play now that technology is indispensable to everyday life. Using apps, browsing websites, and shopping online are all examples of how your data will be stored and managed online. For organisations today, the threat of cyber theft is a pertinent one. Having comprehensive data privacy plans in place can reduce and mitigate the risks of such events.
Does EDGENETIC practice sustainability?
As a company with a global footprint, sustainability is an area of importance to us. We are a registered ‘Investor in People’ organisation. Taking a cue from ISO 14001, we have strong sustainability practices put in place. Our organisation also hires fairly and equally, across gender and race. By working with us, you can rest assured that we implement data privacy security measures with ethics at the core of our mission.
Get in touch via the form below and get a free quote from us for our Red Team Security Testing services.